spopuri
May 08, 2020 Aspirant
ACL rules M4300
I would like to create extended ACLs to allow only DHCP and DNS from a subnet to a server.
- Retired_Member May 09, 2020
On the Web GUI, when you create a new rule for the IP ACL, you only need to input the 4 fields below; keep all other parameters at their default config:
Sequence Number: any value is OK;
Action: Permit
Protocol Type: UDP
Dst L4: input 53/67/68
The ending deny-everything rule is default behavior; there is no need to configure it manually.
Then go to the 'IP Binding Configuration' page and select the correct port that you want to apply this IP ACL rule to.
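The rule set described in the answer above, modelled as a first-match evaluator with the implicit deny at the end. This is an added example, not part of the original post and not NETGEAR code: the sequence numbers 10/20/30, the `Rule`/`Packet` classes and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int                         # assumed values; the answer says any value is OK
    action: str                      # "permit" or "deny"
    protocol: str                    # "udp", "tcp", "icmp", or "ip" for any protocol
    dst_port: Optional[int] = None   # None matches any destination port

@dataclass(frozen=True)
class Packet:
    protocol: str
    dst_port: Optional[int] = None   # None for protocols without ports (ICMP)

# The three permits from the answer. Source and destination IP stay at "any",
# so only the protocol and the destination L4 port are matched.
ACL = [
    Rule(10, "permit", "udp", 53),   # DNS
    Rule(20, "permit", "udp", 67),   # DHCP, client to server
    Rule(30, "permit", "udp", 68),   # DHCP, server to client
]

def evaluate(acl, pkt):
    """Return (action, sequence number); the number is None on the implicit deny."""
    for rule in sorted(acl, key=lambda r: r.seq):
        proto_ok = rule.protocol in ("ip", pkt.protocol)
        port_ok = rule.dst_port is None or rule.dst_port == pkt.dst_port
        if proto_ok and port_ok:
            return rule.action, rule.seq
    return "deny", None              # default deny-everything, as the answer states

# Constructed sample traffic arriving on the port the ACL is bound to.
SAMPLES = {
    "DNS query over UDP": Packet("udp", 53),
    "DHCP DISCOVER": Packet("udp", 67),
    "DNS over TCP": Packet("tcp", 53),
    "ping": Packet("icmp"),
    "HTTPS": Packet("tcp", 443),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, seq = evaluate(ACL, pkt)
        print(f"{name:20} -> {action} (rule {seq if seq else 'implicit'})")
```

Because the protocol type is UDP only, DNS carried over TCP port 53 falls through to the implicit deny along with everything else.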
spopuri
May 08, 2020 Aspirant
Thanks, Eric, I would like to do this in the web interface. Is it possible to give me an example?
Should I mention the port number in the source and destination?
LaurentMa
May 08, 2020 NETGEAR Expert
Hi,
The examples for both CLI and Web GUI are in the Software Administration Manual starting page 172 (ACL chapter). That's Eric indicated the link to it.
https://www.netgear.com/support/product/m4300.aspx#docs
Specifically, http://www.downloads.netgear.com/files/GDC/M4300/M4300_SWA_EN.pdf
Unlike other manuals presenting all commands, the Software Administration Manual is a collection of real-world examples with explained config.
I hope it will help you; please let us know how it goes.
- spopuri May 08, 2020 Aspirant
Please see the attached screenshot. Let me know if that is right?
- LaurentMa May 08, 2020 NETGEAR Expert
I think the source IP should be any and Destination IP should be any too. Only differentiation is on the three UDP ports Eric provided above. The ACL then would be ending with Deny everything at the end in your case. We bind the ACL to the ports in the ingress direction (traffic coming to the interface).
- spopuri May 08, 2020 Aspirant
I think the source IP should be any and Destination IP should be any too. - How can I write any IP? Is it 0.0.0.0?
Only differentiation is on the three UDP ports Eric provided above. - I have written 3 ACLs: one for port 67, one for port 68 and one for port 53 (domain).
The ACL then would be ending with Deny everything at the end in your case. We bind the ACL to the ports in the ingress direction (traffic coming to the interface) - Do you mean I have to write an ACL at the end of this named ACL to deny everything else? Please see the attached screenshot for deny everything else.